Linda McCarthy
Reviewed by William S. Annis

Certainly there is a lot of talk about computer security these days, talk often driven by the media and entertainment industries. Even with "hacker" making its way into colloquial usage, most people have no idea what exactly these hackers are doing, how they're doing it, and what havoc they really cause (I suspect we're doomed to lose "hacker" to the media; it's so hard to take the term "cracker" seriously). Unfortunately, many of our bosses or people who make budgeting decisions also have no idea. This is a good book for these people, although it has several important points for us techie types.

The book lives up to its subtitle with harrowing and lively accounts of intrusion incidents, many real, a few imagined for the sake of argument. Each incident provides the author with a framework to discuss the various sorts of human problems that lead to impaired security. A number of subjects are discussed, including the dangers of unmodified standard OS builds, educating inept or misinformed management, how departmental infighting weakens security, and the importance of understandable, workable policy. Management that insists on having excellent security while downsizing will benefit greatly from the dose of reality this book presents. The author also stresses the importance of training system administrators. We all know the importance of this, and perhaps someday more managers will get the idea. The horror stories in this book may get a few more moving in the right direction.

This book does not contain much technical detail. It does not have a checklist of files to investigate when you suspect you have a compromised machine, nor will it tell you how to use SATAN to check your network. What it does provide is outlines for various things: setting up security policy, responding to an incident, auditing your site's security. The importance of clear and concise communication is emphasized throughout and is one of the strongest features of the book.

Intranet Security suffers from a number of distracting stylistic flaws that will drive some readers away from it. If your manager was a literature major before being forced to switch to business, you may want to find another book. The text is liberally sprinkled with exclamation marks, and it's not hard to find groups of them bunched in threes at the ends of sentences. Emphasis is achieved by an equally liberal use of all caps. Finally, the author is very conscious of being a member of the elite group of trusted and competent security specialists and makes an equally impressive show of repeatedly omitting incident details to protect the people involved. This may be a natural consequence of the informal style of the book, but it sticks out and somewhat undermined my confidence in the author.

Keeping in mind the book's flaws and informal style, I recommend you buy this book for anyone involved in making network policy decisions, anyone unfamiliar with the realities of computer security (and insecurity), and managers who don't believe training is worth the time and cost.
First posted: 13th May 1998 efc
Last changed: 13th May 1998 efc